Tagged Questions

X.509 is a standard for a public key infrastructure used for authentication and access control. X.509 specifies standard formats for certificates, revocation lists, attribute certificates, and path validation.

If someone has to transfer X.509 certificates in a single bundle, usually, it is recommended to pack them into PKCS#7. And the content of PKCS#7 can be signed.
OpenSSL allows packing certificates into ...

A previous question, What is the use of cross signing certificates in X.509? described cross-signed certificates well.
I have a situation where the clients trust CA1 xor CA2, and both need to reach a ...

I have a case at hand as follows:
There is a number of clients in Internet (i.e. untrusted channel), initially in hundreds but growing in numbers.
There is a server doing processing related to these ...

What is the difference between openssl and mkcert? Which one should I prefer?
I want to create an IIS hosted WCF service. Which one should I use to create an SSL certificate? Also, there is another ...

Or are certs both host- and port-specific (excepting wildcard certs)?
I would assume they aren't, because they're supposed to verify a domain, but at the same time I've never seen anyone run HTTPS on ...

If I remember right, then before I send a CSR (Certificate signing request) to the CA, I have to create private and public keys.
Then I use the public key to encrypt my personal details before I send ...

The Kohnfelder certificate standard is very similar to that of the X.509 certificate standard. Comparing the two standards, does one have an advantage over the other? Or what are the pros and cons of ...

When you look at the currently used concept of Root CA (primarily in SSL/TLS context), you can see a single-point-of-failure vulnerability, which means, if your private key is disclosed, you automatically ...

For an Authenticode signed file to be verifiable by Windows after the original signing certificate has expired (typically 1-3 years after issue), the file also needs to have a cryptographically signed ...

I am looking into using the X.509 for mutual delegation where mutual delegation is bi-directional where an entity can only delegate a task or a set of permissions to another entity if the latter is ...

I am currently developing a product that involves two network situations.
At the client side, multiple computers form a P2P network (multiple locations, multiple p2p networks), and a subset of nodes ...

At DEFCON 17 (2009) Moxie Marlinspike gave a talk where he was able to use a malformed certificate signing request to get SSL certs signed for domains he doesn't own. The gist of it was that for the ...

I used openssl to create an X.509 certificate but I don't quite understand the relationship between an X.509 and an SSL certificate. Are they the same? Is an SSL certificate just an X.509 certificate that ...

Can a revocation certificate for an old X.509 certificate be attached to an email in addition to a replacement certificate in such a way that the client user does not have to manually intervene? Or ...

I do not mean simply putting the public RSA key of an x.509 certificate into ~/.ssh/authorized_keys - I'm looking for a way to set up ssh such that x.509 certificates signed by a pre-defined CA will ...

Analogously to the SSL server certificate question, which extensions should I use for S/MIME, and should the CA be restricted somehow as well?
(I'm using openssl, which at the moment creates CA and ...

I have the following situation:
A server certificate (CServ) is signed by self-signed certificate (C0)
A client certificate (CCli) is signed by CServ
Client's trust-store contains C0, so the client ...

For the past couple of hours I've been trying to create a self-signed certificate which I'd like to use to encrypt HTTP traffic between computers and a server on my home network (because I'm paranoid ...